
Course Name:

Access Control

Course Description:

The course provides an in-depth study of the three main security principles: availability, integrity and confidentiality. The course will examine the mechanisms used in access control, what resources an entity can access, and the extent of the entity’s capabilities to interact with the resource. The course will also examine approaches to auditing how an entity interacts with the resource.

Course Objectives/Learner Outcomes:

Upon completion of this course, the student will:

· Identify the types of access control technologies used in a networking environment.

· Implement knowledge-based and biometric authentication.

· Identify knowledge-based and characteristics-based authentication technologies.

· Recognize how single sign-on systems (SSOs), one-time passwords (OTPs), and smart cards are used for authentication.

· Determine the appropriate type of authentication to implement in a given enterprise scenario.

· Recognize ways of securing passwords and identify different types of attacks against passwords and password files.

· Select the appropriate access control model for a scenario.

· Determine the most appropriate access control model to implement in a given situation.

· Recognize how different types of access control techniques operate.

· Distinguish between centralized and decentralized access control administration mechanisms.

· Identify intrusion detection system (IDS) mechanisms and implementation methods, and recognize various intrusion detection and prevention techniques.

Prerequisites:

There are no prerequisites for this course.

Books and Resources:

Required Text: Chapple, Mike, Ballad, Bill, Ballad, Tricia, and Banks, Erin K. Access Control, Authentication, and Public Key Infrastructure, Second Edition. Jones & Bartlett Learning, 2016, ISBN: 978-1-284-03159-1

Other articles and readings may be assigned by course professor.

Recommended Materials/Resources

Please use the following authors’ names, book/article titles, Web sites, and/or keywords to search for supplementary information to augment your learning in this subject.

· Official (ISC)² CISSP Training Seminar Handbook. International Information Systems Security Consortium, 2014.

· Harris, Shon. All in One CISSP Exam Guide, Sixth Edition. McGraw-Hill, 2013.

· Rhodes-Ousley, Mark. The Complete Reference to Information Security, Second Edition. McGraw-Hill, 2013.

Professional Associations

· International Information Systems Security Certification Consortium, Inc., (ISC)²®: This Web site provides access to current industry information. It also provides opportunities in networking and contains valuable career tools. http://www.isc2.org/

· International Association of Privacy Professionals (IAPP): This Web site provides an opportunity to interact with a community of privacy professionals and to learn from their experiences. This Web site also provides valuable career advice. https://www.privacyassociation.org/

· ISACA: This Web site provides access to original research, practical education, career-enhancing certification, industry-leading standards, and best practices. It also provides a network of like-minded colleagues and contains professional resources and technical/managerial publications. https://www.isaca.org/Pages/default.aspx

Tentative Course Expectations (specific due dates are listed in the course module)

Note: Assignments in the following table are listed when they are due.

| Unit | Unit Topic | Reading | Assignment Due** |
|---|---|---|---|
| 1 | Lessons 1 & 2: Access Control Framework, Assessing Risk, and Impact on Access Control | Ch. #1 - 2 | Lab 1: Configuring an Active Directory Domain Controller; Lab 2: Managing Windows Accounts and Organizational Units; Lab 1 Quiz; Lab 2 Quiz; Discussion Forum: Introduce Yourself to your classmates (Jan 12) |
| 2 | Lessons 3 & 4: Business Drivers for Access Controls; Access Control Policies, Standards, Procedures, and Guidelines | Ch. #3 - 4 | Lab 3: Configuring Windows File System Permissions; Lab 3 Quiz; Lab 4: Managing Group Policy Objects in Active Directory; Lab 3 Quiz; Lab 4 Quiz (Jan 19) |
| 3 | Lessons 5 & 6: Security Breaches and the Law; Mapping Business Challenges to Access Control Types | Ch. #5 - 6 | Lab 5: Managing Group Policy Objects in Active Directory; Lab 6: Configuring Windows Firewall; Lab 5 Quiz; Lab 6 Quiz (Jan 26) |
| 4 | Lessons 7 & 8: Human Nature and Organizational Behavior; Access Control for Information Systems | Ch. #7 - 8 | Midterm Exam. No Lab is due. (Feb 2) |
| 5 | Lesson 9 & 10: Physical Security and Access Control; Access Control in the Enterprise | Ch. #9 - 10 | Lab 9: Configuring Linux File System Permissions; Lab 10: Configuring Linux File System Permissions; Lab 10 Quiz. (Feb 9) |
| 6 | Lesson 11 & 12: Access Control System Implementations; Access Control Solutions for Remote Workers | Ch. #11 - 12 | Lecture Quizzes 11 & 12 (Feb 16) |
| 7 | Lessons 13, 14 & 15: Public Key Infrastructure and Encryption; Testing Access Control Systems; Access Control Security Models; Access Control Assurance | Ch. #13, 14, 15 | Lab 13: Encrypting and Decrypting Files with PKI; Lab 14: Lab 9: Authenticating Security Communications with Digital Signatures; Lab 15: Encrypting and Decrypting Web Traffic with HTTPS |
| -- | Review Course; No Lecture | Review Chapters 1 - 15 | Final Exam (Feb 26) |
